Caught in the crosshairs

05.12.2005

According to Carole Theriault, security consultant at antivirus firm Sophos, "the emergence of Trojans and spyware targeted at specific firms brings a slew of new problems for IT administrators." The task is not only to keep bad stuff out, but to protect the information they own from being sent to unauthorized recipients.

Experts agree that firms should ensure they adhere to the fundamentals of a multilayered security strategy. In addition to the usual up-to-date patches, antivirus, IDS, IPS, firewalls and URL/email filtering tools, Theriault also insisted firms must maintain a comprehensive security framework. This includes an inventory of all computers on the network (remote as well as permanent) as well as a list of what each computer is running. "This will help an administrator better control the environment," he said.

As some hacks include insider information, it is also wise for companies to screen employees carefully and communicate what constitutes an information infringement.

McAfee's Gulloto suggests indirect help to combat these emerging threats. Firms should employ better education of employees and partners, improve awareness and use social engineering techniques to control user habits and behavior when faced with these threats, he said.

(IDG staff contributed to this report.)